Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e37322e302f32312d3234203d3e2037303239.roa
File:                     3134352e31312e37322e302f32312d3234203d3e2037303239.roa (raw, json)
Hash identifier:          DBwnCxI4mRxd4vlJSxJ5G9Ga0SSCYlrsGcEz8NZMm0c=
Subject key identifier:   52:D7:D8:CA:5D:F4:3F:EE:2C:7D:01:CB:AF:54:FB:8F:02:7C:07:FC
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       76C062583FF747D11002B577A85EFFABB413E90C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e37322e302f32312d3234203d3e2037303239.roa
Signing time:             Fri 10 Apr 2026 10:50:28 +0000
ROA not before:           Fri 10 Apr 2026 10:45:28 +0000
ROA not after:            Fri 09 Apr 2027 10:50:28 +0000
asID:                     7029
IP address blocks:        145.11.72.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:14:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:c0:62:58:3f:f7:47:d1:10:02:b5:77:a8:5e:ff:ab:b4:13:e9:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Apr 10 10:45:28 2026 GMT
            Not After : Apr  9 10:50:28 2027 GMT
        Subject: CN=52D7D8CA5DF43FEE2C7D01CBAF54FB8F027C07FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:aa:48:b8:de:d2:87:04:75:6c:de:ca:7a:04:
                    c2:83:ce:dd:e7:72:e2:8b:69:ac:97:65:ab:bb:a2:
                    75:5e:6e:f3:d5:d8:98:9d:77:ce:fc:c1:75:e6:9f:
                    92:4b:8d:c1:d3:50:18:6a:33:2a:e3:80:9c:7d:bd:
                    f2:a7:a9:c8:90:53:79:18:80:3f:62:9b:fc:3c:35:
                    6a:a7:1a:39:c4:9a:4c:48:bd:69:8a:0b:d9:53:0e:
                    b7:db:10:75:dc:98:27:52:7e:f2:19:9b:1b:2d:0f:
                    c5:c3:a4:3f:73:08:88:d3:81:1d:f3:d5:17:e3:46:
                    31:6a:02:44:9c:98:9e:b9:6e:72:79:99:e9:e7:48:
                    28:3a:bf:35:a2:d7:47:23:fa:4b:4d:60:26:17:9e:
                    8d:03:0a:58:30:6d:41:7d:10:2b:04:04:d9:38:7b:
                    24:93:91:06:19:f1:9b:a5:a3:5e:44:27:33:7e:e6:
                    42:35:9f:b7:03:2d:c6:61:7f:22:9b:89:0b:c4:46:
                    c7:62:3a:3d:f3:c4:33:2e:1c:3d:22:11:e6:fc:fa:
                    46:8a:ee:26:05:93:ee:70:fc:13:fe:5b:84:c3:6a:
                    36:6a:06:3d:74:c2:1e:e1:9e:14:48:24:42:e2:bf:
                    09:72:60:47:54:64:2f:40:96:a3:a9:7f:0a:6e:11:
                    a3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D7:D8:CA:5D:F4:3F:EE:2C:7D:01:CB:AF:54:FB:8F:02:7C:07:FC
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3134352e31312e37322e302f32312d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.11.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         25:2f:47:c8:f8:60:7c:1a:24:62:ef:35:2e:9e:d3:91:be:39:
         9c:de:fd:56:b2:f7:9c:22:11:fa:13:f0:c5:09:c3:ea:9f:bc:
         32:73:64:61:02:cb:5f:de:54:b5:f6:4c:ee:3f:5d:28:63:f3:
         cc:d4:ea:b2:3e:9e:b2:aa:1c:f5:ef:74:f4:bc:53:f5:69:75:
         55:b7:80:67:6b:2b:b4:d9:cb:ac:62:d3:07:90:1a:e0:3a:de:
         54:87:e8:29:79:d9:90:ec:29:7a:7f:73:eb:33:15:f1:53:ba:
         bf:54:22:91:f2:05:df:8f:53:b1:dd:cb:bf:9c:e0:e6:d9:90:
         53:b1:2a:6a:d8:bd:1e:01:1f:b0:13:13:ca:96:d5:fd:02:d5:
         a4:b5:46:06:14:12:5a:06:47:bf:9a:ce:7a:3f:0e:d1:eb:e2:
         2c:1f:74:af:ae:43:f1:bf:2c:13:9f:3d:b8:1e:c5:ba:4c:a1:
         d9:47:63:94:f3:b1:0e:f0:8f:f9:da:aa:ee:28:38:6e:f3:1d:
         87:4b:e2:9f:5d:9f:7d:c8:0f:a4:f7:b0:97:38:ad:90:0a:f6:
         f6:9c:d1:c6:af:09:7d:6e:f3:10:80:07:5e:f6:4b:db:ba:1f:
         ac:dd:ac:1a:ce:26:2d:91:f5:75:be:77:ca:34:7a:ca:ff:e5:
         d4:77:11:85
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdsBiWD/3R9EQArV3qF7/q7QT6QwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjA0MTAxMDQ1MjhaFw0yNzA0MDkxMDUwMjhaMDMxMTAvBgNV
BAMTKDUyRDdEOENBNURGNDNGRUUyQzdEMDFDQkFGNTRGQjhGMDI3QzA3RkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNqki43tKHBHVs3sp6BMKDzt3n
cuKLaayXZau7onVebvPV2Jidd878wXXmn5JLjcHTUBhqMyrjgJx9vfKnqciQU3kY
gD9im/w8NWqnGjnEmkxIvWmKC9lTDrfbEHXcmCdSfvIZmxstD8XDpD9zCIjTgR3z
1RfjRjFqAkScmJ65bnJ5mennSCg6vzWi10cj+ktNYCYXno0DClgwbUF9ECsEBNk4
eySTkQYZ8Zulo15EJzN+5kI1n7cDLcZhfyKbiQvERsdiOj3zxDMuHD0iEeb8+kaK
7iYFk+5w/BP+W4TDajZqBj10wh7hnhRIJELivwlyYEdUZC9AlqOpfwpuEaMnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUtfYyl30P+4sfQHLr1T7jwJ8B/wwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzNDM1MmUzMTMxMmUzNzMy
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzczMDMyMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAORC0gw
DQYJKoZIhvcNAQELBQADggEBACUvR8j4YHwaJGLvNS6e05G+OZze/Vay95wiEfoT
8MUJw+qfvDJzZGECy1/eVLX2TO4/XShj88zU6rI+nrKqHPXvdPS8U/VpdVW3gGdr
K7TZy6xi0weQGuA63lSH6Cl52ZDsKXp/c+szFfFTur9UIpHyBd+PU7Hdy7+c4ObZ
kFOxKmrYvR4BH7ATE8qW1f0C1aS1RgYUEloGR7+azno/DtHr4iwfdK+uQ/G/LBOf
PbgexbpModlHY5TzsQ7wj/naqu4oOG7zHYdL4p9dn33ID6T3sJc4rZAK9vac0cav
CX1u8xCAB172S9u6H6zdrBrOJi2R9XW+d8o0esr/5dR3EYU=
-----END CERTIFICATE-----